<?php
/*
 Get and set permissions of user
 
 Michael Schwarz - 07.12.2010
*/

// Permission identifiers. get_permission() in this file treats identifier N
// as bit (N % 31) of the column "perm" . (floor(N / 31) + 1), so the values
// below all land in column perm1.
define('PERM_ADMIN',           1);
define('PERM_WRITE_NEWS',      2);
define('PERM_ADD_DATE',        3);
define('PERM_UPLOAD_PIC',      4);
define('PERM_SEND_INVITATION', 5);
define('PERM_SEND_GROUP_PM',   6);


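/*
 Report whether the current request belongs to a logged-in session.

 Returns 1 when $_SESSION["user"] is set and the stored "uid" setting equals
 the value of secure_get_unique_id(); returns 0 otherwise. On a mismatch the
 text "Session hijacked!" is written to the output.
*/
function user_is_logged_in() {
 if(!isset($_SESSION["user"])) return 0;

 $stored_uid = get_settings_user("uid", "");
 $current_uid = secure_get_unique_id();

 // Compare as strings with !== rather than !=. PHP's loose comparison treats
 // numeric-looking strings as numbers ("1e3" == "1000"), which would let two
 // different identifiers pass as equal.
 if((string)$stored_uid !== (string)$current_uid) {
  // NOTE(review): the session data is left in place here; whether a caller
  // invalidates the session after this message is not visible from this function.
  echo "Session hijacked!";
  return 0;
 }
 return 1;
}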

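/*
 Check whether the logged-in user holds permission $perm.

 $perm is one of the PERM_* identifiers. Returns false when nobody is logged
 in, when the query fails, or when the user has no row in "permissions";
 otherwise returns the result of get_permission() for that row.
*/
function has_permission($perm) {
 if(!user_is_logged_in()) return false;

 // secure_mysql_string() is defined elsewhere; presumably it escapes the value
 // for use inside the quoted SQL literal - confirm against its definition.
 $r = db_query("SELECT * FROM permissions WHERE user='".secure_mysql_string($_SESSION["user"])."'");

 // Deny explicitly on a failed query or a missing row instead of handing a
 // non-result / non-array on to mysql_fetch_array() and get_permission().
 if(!$r) return false;
 $v = mysql_fetch_array($r);
 if(!is_array($v)) return false;

 return get_permission($v, $perm);
}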

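/*
 Grant permission $perm to $user. Only acts when the caller has PERM_ADMIN.

 $user is the user name as stored in permissions.user, $perm a PERM_*
 identifier. Returns nothing. The call is a no-op (and nothing is logged)
 when $perm is not a non-negative integer, when the user has no row in
 "permissions", or when the row has no column for that identifier.
*/
function set_permission($user, $perm) {
 if(!has_permission(PERM_ADMIN)) return;

 // $perm decides both the column name and the shift width below, so accept
 // only a non-negative integer (int or digit string).
 $perm = filter_var($perm, FILTER_VALIDATE_INT, array("options" => array("min_range" => 0)));
 if($perm === false) return;

 // 31 permission bits per column: perm1 holds identifiers 0-30, perm2 31-61, ...
 $field = "perm".((int)floor($perm / 31) + 1);
 $mask = 1 << ($perm % 31);

 $r = db_query("SELECT * FROM permissions WHERE user='".secure_mysql_string($user)."'");
 $v = $r ? mysql_fetch_array($r) : false;

 // Without a matching row or column the UPDATE cannot change anything; stop
 // here so the admin log does not record a change that never happened.
 if(!is_array($v) || !array_key_exists($field, $v)) return;

 // Cast to int so only a number is ever placed unquoted into the UPDATE.
 $value = ((int)$v[$field]) | $mask;

 // NOTE(review): SELECT and UPDATE are separate statements, so two concurrent
 // changes to the same column of the same user can overwrite each other.
 db_query("UPDATE permissions SET ".$field."=".$value." WHERE user='".secure_mysql_string($user)."'");
 _log(LOG_ADMIN, "Set permission ".$perm." for user '".secure_mysql_string($user)."'");
}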

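/*
 Revoke permission $perm from $user. Only acts when the caller has PERM_ADMIN.

 $user is the user name as stored in permissions.user, $perm a PERM_*
 identifier. Returns nothing. The call is a no-op (and nothing is logged)
 when $perm is not a non-negative integer, when the user has no row in
 "permissions", or when the row has no column for that identifier.
*/
function clear_permission($user, $perm) {
 if(!has_permission(PERM_ADMIN)) return;

 // $perm decides both the column name and the shift width below, so accept
 // only a non-negative integer (int or digit string).
 $perm = filter_var($perm, FILTER_VALIDATE_INT, array("options" => array("min_range" => 0)));
 if($perm === false) return;

 // 31 permission bits per column: perm1 holds identifiers 0-30, perm2 31-61, ...
 $field = "perm".((int)floor($perm / 31) + 1);
 $mask = 1 << ($perm % 31);

 $r = db_query("SELECT * FROM permissions WHERE user='".secure_mysql_string($user)."'");
 $v = $r ? mysql_fetch_array($r) : false;

 // Without a matching row or column the UPDATE cannot change anything; stop
 // here so the admin log does not record a change that never happened.
 if(!is_array($v) || !array_key_exists($field, $v)) return;

 // Cast to int so only a number is ever placed unquoted into the UPDATE.
 $value = ((int)$v[$field]) & ~$mask;

 // NOTE(review): SELECT and UPDATE are separate statements, so two concurrent
 // changes to the same column of the same user can overwrite each other.
 db_query("UPDATE permissions SET ".$field."=".$value." WHERE user='".secure_mysql_string($user)."'");
 _log(LOG_ADMIN, "Clear permission ".$perm." for user '".secure_mysql_string($user)."'");
}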






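/*
 Test one permission bit in a row of the "permissions" table.

 $perms is the row as an array with "perm1", "perm2", ... entries, $perm a
 PERM_* identifier. Returns true when the bit for $perm is set. Returns false
 in every other case, including a missing row (non-array $perms), a missing
 or NULL column, and a $perm that is not a non-negative integer.
*/
function get_permission($perms, $perm) {
 // A missing row arrives here as false/null from the fetch call: deny.
 if(!is_array($perms)) return false;

 // A negative or non-integer identifier would give a wrong column name and
 // an invalid shift width: deny instead of computing with it.
 $perm = filter_var($perm, FILTER_VALIDATE_INT, array("options" => array("min_range" => 0)));
 if($perm === false) return false;

 // 31 permission bits per column: perm1 holds identifiers 0-30, perm2 31-61, ...
 $field = "perm".((int)floor($perm / 31) + 1);
 if(!isset($perms[$field])) return false;

 $mask = 1 << ($perm % 31);
 return (((int)$perms[$field]) & $mask) !== 0;
}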



/*
 Build a comma-separated, human-readable list of the permissions $user holds.

 Returns "" when the caller lacks PERM_ADMIN or when no permission bit is
 set for $user. The labels are the German texts shown in the user interface.
*/
function permission_string($user) {
 if(!has_permission(PERM_ADMIN)) return "";

 $result = db_query("SELECT * FROM permissions WHERE user='".secure_mysql_string($user)."'");
 $row = mysql_fetch_array($result);

 // Label for each permission, in display order; every label carries its own
 // ", " separator.
 $labels = array(
  PERM_ADMIN => "Admin, ",
  PERM_WRITE_NEWS => "News erstellen, ",
  PERM_ADD_DATE => "Termin eintragen, ",
  PERM_UPLOAD_PIC => "Bilder uploaden, ",
  PERM_SEND_INVITATION => "Einladungen versenden, ",
  PERM_SEND_GROUP_PM => "Gruppennachrichten versenden, ",
 );

 $list = "";
 foreach($labels as $id => $label) {
  if(get_permission($row, $id)) {
   $list .= $label;
  }
 }

 // Any non-empty list ends in ", "; cut that trailing separator off.
 if($list !== "") {
  $list = substr($list, 0, -2);
 }
 return $list;
}




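/*
 Debug helper: print an HTML table with one row per entry in "permissions"
 and one column per PERM_* identifier.

 Prints nothing unless the caller has PERM_ADMIN, in line with the other
 functions in this file that read another user's permissions. A set
 permission is printed as "1", an unset one as an empty cell.
*/
function debug_permission_viewer() {
 // The table lists every user's permissions, so gate it like permission_string().
 if(!has_permission(PERM_ADMIN)) return;

 echo "<table>";
 echo "<tr><th>User</th><th>Admin</th><th>Write news</th><th>Add date</th><th>Upload picture</th><th>Send invitation</th><th>Send group pm</th></tr>";
 $r = db_query("SELECT * FROM permissions");
 while(($v = mysql_fetch_array($r)) != null) {
  // The user name comes from the database and is written into HTML: escape
  // it so markup stored in a name is shown as text instead of being rendered.
  // NOTE(review): the page charset is not visible here; confirm it matches
  // the charset htmlspecialchars() uses by default.
  $name = htmlspecialchars($v["user"], ENT_QUOTES);
  echo "<tr>
  <td>".$name."</td>
  <td>".get_permission($v, PERM_ADMIN)."</td>
  <td>".get_permission($v, PERM_WRITE_NEWS)."</td>
  <td>".get_permission($v, PERM_ADD_DATE)."</td>
  <td>".get_permission($v, PERM_UPLOAD_PIC)."</td>
  <td>".get_permission($v, PERM_SEND_INVITATION)."</td>
  <td>".get_permission($v, PERM_SEND_GROUP_PM)."</td>
  </tr>";
 }
 echo "</table>";
}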

?>
